module
Synology Forget Password User Enumeration Scanner
Disclosed: 2011-01-05
Description
This module attempts to enumerate users on the Synology NAS
by sending GET requests for the forgot password URL.
The Synology NAS responds differently depending on whether the user exists.
These requests count as login attempts, and by default 10 logins in 5 minutes
result in a permanent block. Set the delay accordingly to avoid this.
Vulnerable DSMs are:
DSM 6.1
DSM 6.0
DSM 5.2
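
The lockout described above only counts attempts in a short window, so requests spaced out with a delay stay under it. The following is an added detection example, not part of the module or of this page, that flags a source probing many distinct usernames over a longer window in web access logs. The endpoint path, the `user` parameter, the log layout and the thresholds are placeholders and assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the page): the endpoint path, the "user" query
# parameter and the log layout are placeholders; adapt them to your own logs.
FORGOT_PATH = "/FORGOT-PASSWORD-PLACEHOLDER"
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}$')

def find_enumerators(lines, window=timedelta(hours=1), min_users=5):
    """Return {source_ip: sorted usernames} for sources that requested the
    forgot-password URL for at least min_users distinct names within window."""
    events = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        users = parse_qs(url.query).get("user")
        if url.path != FORGOT_PATH or not users:
            continue
        events[ip].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), users[0].lower()))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward so the span never exceeds `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = {u for _, u in seen[start:end + 1]}
            if len(distinct) >= min_users:
                flagged[ip] = sorted(distinct)
                break
    return flagged

def build_sample_log():
    # Constructed sample: one source paced at 1 request/minute (under the
    # 10-in-5-minutes lockout) and one user who mistyped a name once.
    base = datetime(2024, 1, 1, 9, 0, 0)
    names = ["admin", "guest", "backup", "alice", "bob", "carol"]
    rows = [f'198.51.100.7 [{base + timedelta(minutes=i):%Y-%m-%d %H:%M:%S}] '
            f'"GET {FORGOT_PATH}?user={n} HTTP/1.1" 200' for i, n in enumerate(names)]
    rows += [f'192.0.2.10 [{base + timedelta(minutes=i):%Y-%m-%d %H:%M:%S}] '
             f'"GET {FORGOT_PATH}?user={n} HTTP/1.1" 200' for i, n in enumerate(["dave", "dvae"])]
    return rows

SAMPLE_LOG = build_sample_log()
```

Counting distinct usernames per source, rather than raw request volume, keeps a user who retries a mistyped name from being flagged.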
